Many of the most popular online publishers are leaking readers’ names, addresses, home phone numbers, email addresses and other personal data to outside parties, according to a new study.

“The problem of privacy has worsened significantly in spite of the various proposals and reports by researchers, government agencies, and privacy advocates,” researchers from AT&T and Worcester Polytechnic Institute state in their most recent report about online privacy.

Numerous research papers have listed different vectors of personally identiable information leaking via traditional and mobile Online Social Networks (OSNs) and highlighted the ongoing aggregation of data about users visiting popular Web sites. We argue that the landscape is worsening and existing proposals (including the recent U.S. Federal Trade Commission’s report) do not address several key issues. We examined over 100 popular non-OSN Web sites across a number of categories where tens of millions of users representing diverse demographics have accounts, to see if these sites leak private information to prominent aggregators. Our results raise considerable concerns: we see leakage in sites for every category we examined; fully 56% of the sites directly leak pieces of private information with this result growing to 75% if we also include leakage of a site userid. Sensitive search strings sent to healthcare Web sites and travel itineraries on flight reservation sites are leaked in 9 of the top 10 sites studied for each category. The community needs a clear understanding of the shortcomings of existing privacy protection measures and the new proposals. The growing disconnect between the protection measures and increasing leakage and linkage suggests that we need to move beyond the losing battle with aggregators and examine what roles first-party sites can play in protecting privacy of their users.

Contact Me

Reach me via email to admin[at]pogowasright.org or to breaches[at]protontomail.ch.
You can find me on Twitter as @pogowasright.
I'm also on Jabber as [email protected]
If you know about a breach that should be included on this site or need to contact me about another matter, e-mail me: admin[at]databreaches.net
Alternate Email: breaches[at]protonmail.ch.
Need Signal for tips or leaks? It's available, as is Ricochet for IM. Ask.